CVE-2021-38492
Summary
| CVE | CVE-2021-38492 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-03 01:15:00 UTC |
| Updated | 2022-12-09 19:19:00 UTC |
| Description | When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox Esr | All | All | All | All |
| Application | Mozilla | Thunderbird | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Vulnerabilities fixed in Firefox ESR 78.14 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Firefox 92 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Thunderbird 78.14 — Mozilla | MISC | www.mozilla.org | |
| Access Denied | MISC | bugzilla.mozilla.org | |
| Mozilla Thunderbird: Multiple Vulnerabilities (GLSA 202208-14) — Gentoo security | GENTOO | security.gentoo.org | |
| Security Vulnerabilities fixed in Firefox ESR 91.1 — Mozilla | MISC | www.mozilla.org | |
| Security Vulnerabilities fixed in Thunderbird 91.1 — Mozilla | MISC | www.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 375833 Mozilla Firefox Multiple Vulnerabilities (MFSA2021-38)
- 375834 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-39)
- 375836 Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-40)
- 375837 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-41)
- 375838 Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-42)
- 501552 Alpine Linux Security Update for firefox-esr
- 502069 Alpine Linux Security Update for firefox-esr
- 502080 Alpine Linux Security Update for firefox
- 502381 Alpine Linux Security Update for thunderbird
- 503632 Alpine Linux Security Update for thunderbird
- 503634 Alpine Linux Security Update for thunderbird
- 503650 Alpine Linux Security Update for thunderbird
- 503669 Alpine Linux Security Update for thunderbird
- 503851 Alpine Linux Security Update for firefox
- 504812 Alpine Linux Security Update for firefox-esr
- 506260 Alpine Linux Security Update for thunderbird
- 710585 Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202208-14)
- 751210 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3331-1)
- 751226 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3331-1)
- 751237 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3451-1)
- 751246 OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:1367-1)
- 751369 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3191-1)
- 751542 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:4150-1)
- 751566 OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:1635-1)
- 752111 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1582-1)
- 752113 SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1577-1)